An internal penetration test is a comprehensive assessment of an organisation's internal network security. Unlike external penetration tests that focus on assets accessible from the internet, internal penetration tests evaluate the security of assets within the organisation's internal network perimeter.
During an internal penetration test, our consultants simulate attacks from within the organisation's network. This can involve exploiting vulnerabilities in network devices, servers, workstations, databases, and other internal systems.
If Active Directory (AD) is present, the consultants will attempt to escalate privileges, extract sensitive information, or compromise user accounts. Active Directory is a common target in internal penetration tests due to its central role in managing user authentication, access control, and other security-related functions within a Windows-based network environment. At Tier Zero Security, we also provide training on Active Directory security. For more information, click here.
Internal penetration tests may also assess the effectiveness of security controls such as firewalls, intrusion detection/prevention systems, and endpoint security solutions in detecting and preventing unauthorized access or malicious activities from within the network.
The primary goal of an internal penetration test is to identify and address vulnerabilities and weaknesses in the organisation's internal network infrastructure and systems before they can be exploited by malicious insiders or external attackers who have gained access to the internal network through other means. By proactively identifying and mitigating these risks, your organisation can enhance the overall security posture and better protect sensitive data and resources.
At Tier Zero Security, we use Open Source Security Testing Methodology Manual (OSSTMM) and Open Web Application Security Project (OWASP) Testing Guide methodologies.
For a full list of Tier Zero Security's penetration testing services, please visit our Tier Zero Security penetration testing services page.
Discover all of our services at this link.